Computer applications traditionally require a user to log in by providing information to verify the user's identity (typically account name and password). Such passwords are usually a series of letters, numbers, and symbols. Because often such log-ins are in public spaces, such as at Automated Teller Machines (ATMs), a user runs the risk of being watched during the login process and having his password discovered. For example, a thief could surreptitiously watch the login transaction and thus capture the user name and password. In addition, if the user login attempt is performed over the Internet, the user name and password could be collected using malicious software, also known as malware. However the sensitive information is collected, the thief could then himself log in to the user's account using the misappropriated username and password, and conduct business posing as the user.
The cost to affected users and businesses of computer-based fraud is enormous. Many users find themselves responsible for paying for purchases that they did not make. Their banks and credit card companies often assume the responsibility for the debt. In response to the security threat provided by such fraud, many banks and businesses, especially those that sell mainly over the Internet, provide fraud insurance or guarantees to users. In addition, they invest in extensive computer security measures designed to protect against computer-based fraud.
Certain solutions have been suggested to make logins more secure. For example, some systems require multiple passwords from users before they can obtain access to a computer. Users are sometimes presented with challenge questions, to which they need to remember details from their past or answers that may change over time (What was your high school/first pet/first date? What is your favorite food/drink/book/movie? Who is your best friend?) Users are advised to avoid using the same password over and over. If a user must maintain and/or remember multiple complicated passwords for disparate applications, from a usability perspective, access to computer applications becomes considerably less convenient whether the desired applications are accessed through disparate locations, such as locally, on a local network, or over the Internet. In addition, many passwords are text based which make them vulnerable to misappropriation by thieves.
Therefore, it is desirable to have a login system for computer applications that is simple, easy for the user to remember, difficult for the hacker to misappropriate, and takes into account the modern reality of our access to multiple computer applications through disparate locations, whether locally, on a local network, or over the Internet.